Technical Field
Example embodiments of the present invention relate to an apparatus and method for content handling, for example to maintain confidentiality and increase content integrity.
Example embodiments of the present invention find use in an electronic content handling system when content, for example electronic documents, are to be transferred across a computer network for analysis by a user of a client terminal, and/or transferred from a client terminal to a content server.
Description of Related Art
In delivery of media content, for example music or audio-visual data, the problem of preventing unauthorised storage and/or reproduction of the electronic content is well known, and is referred to as digital rights management. In the context of content comprising electronic documents, where the information in the documents may be industrially or commercially sensitive and therefore access is to be controlled, the concept of information rights management has been developed. Typically this involves storing documents in an encrypted format to inhibit unauthorised access. In addition, documents, when decrypted may be handled within a framework which prevents reproduction by controlling copy and paste, or other reproduction according to set policies.
The implementation of strong information rights management policies within an organisation, for example the establishment of standards for encryption, access and permissions management according to known frameworks for authorised reproduction is relatively straightforward, in the sense that the organisation in question can build a complete set of policies and a framework for enforcement of the policies. However, problems may arise when the organisation wants to apply information rights management policies to documents which are to be accessed outside the framework over which it has full control.
In particular, problems may arise when a document is to be transferred to a client terminal outside an organisation, for analysis by a user of the client terminal. Although the user of the client terminal may be verified as a trusted individual, the features and security status of the client terminal may not be known in advance of the transfer. The security status of the client terminal may change while the document is being stored by the client terminal. If the client terminal is compromised then the information security of the document and its content is put at risk.
A typical situation where this problem arises is in the provision of an industrially or commercially sensitive document to an outside linguist in order for a translation to be prepared. The linguist can access a document using a client terminal, analyse the document, prepare the translation on the client terminal, but this ought to be possible only within information rights management policies determined according to the organisation that originates the document. The content server may belong to a trusted intermediary between the organisation that originates the sensitive document and the linguist. For example, the content server may belong to a translation service provider, with many linguists that work for the translation service provider able to download documents onto personal client terminals on which translations will be prepared. In this situation, compromise of the client terminals of the translators is difficult to determine, and therefore a need arises to improve content handling to maintain confidentiality and increase content integrity. Furthermore, content handling in this context ought not to get in the way of controlled access to the content nor impede the work or analysis which is done at the client terminal. Subsequent provision of content back to the content server ought also to be regulated, but in a way that does not impede the upload process.
The example embodiments have been provided with a view to addressing at least some of the difficulties that are encountered in current content handling systems, whether those difficulties have been specifically mentioned above or will otherwise be appreciated from the discussion herein.